Privacy Policy

Controller of Personal Data

This Privacy Policy applies to any Personal Data provided to or gathered by Validium where we are the Data Controller. Validium’s registered office is at: The Validium Group Limited, 52-54 Aylesbury End, Beaconsfield, Buckinghamshire, HP9 1LW.

What is ‘Personal Data’?

Personal Data means any information relating to an identified or identifiable person such as name, address, health data, or an online identifier. It could be the name of that person’s employer or their job role or anything else that could identify them as an individual, so it could be one or more factors specific to a person’s physical, physiological, genetic, mental, economic, cultural or social identity of that person.

24 Hour Helpline & Support Service

Who do we get your Personal Data from?

We collect your Personal Data directly from you.

Where this service is being provided for you by your employer, we may occasionally collect data from someone related to you in a work context such as a manager or occupational health advisor. Where we collect your Personal Data from someone else, this is with your consent and is limited to your contact details and your reason for using the service.

What Personal Data do we collect and how long do we keep it?

The Personal Data we collect is limited to what is required in order to provide you with the appropriate support. We will open a case when you contact us and all Personal Data will be stored within this case. Where you have had no contact with Validium for 3 years, any Personal Data you shared with us preceding this time will no longer be held in an identifiable form. This means that the data is no longer your Personal Data as it will be anonymised in such a way that all the personal elements will be permanently and irrevocably deleted. Validium also has a legitimate interest to audio record personal data you provide to us during telephone calls. You will be informed if your conversation is going to be recorded at the time of your call. We may refer to the recording to clarify the details of our conversation and for internal training purposes. Personal data we store in audio format is deleted 42 days after the telephone call.

What is the legal basis for collecting Personal Information?

As this is a service where you would expect to be provided with support for any issues you are experiencing when you voluntarily engage with us, all Personal Data are processed under a legal basis called ‘Legitimate Interests’. This means it is within Validium’s legitimate business interests and within your personal interests for Validium to process your Personal Data in order to provide you with the support you require. In some cases where you require immediate support for a high risk situation, Validium will process your data under ‘vital interests’. To allow Validium to provide the support you need, you may share sensitive Personal Data with us. Under EU data protection law this Personal Data is called ‘Special Categories of Personal Data’ . Validium staff will process special categories of personal data to support your health and wellbeing.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide you with the service we may also pass limited Personal Data including your contact details to a Validium vetted counsellor local to you and other vetted suppliers we use to provide the information elements of the service. We can give you more information about the name of the counsellor or the names of the suppliers when you engage with the service. In rare circumstances when you have indicated to us, or Validium has assessed, you may be at risk of harm we may need to pass some limited Personal Data to agencies that can provide you with the necessary support. Validium uses a UK based supplier to securely store audio recordings of calls that may contain your personal data. This supplier’s activity is limited only to storing data and they strictly have no access to your personal data. For more information on data security, please see the section ‘How secure is my information?’

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing of your data when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Online portal – vClub

Who do we get your Personal Data from?

We collect your Personal Data directly from you.

What Personal Data do we collect and how long do we keep it?

We collect your name, email address, username/password credentials and an answer to an authenticating question that only you will know. This Personal Data will be held for the period of time that the organisation providing this service for you is Validium’s customer.

If you have used eCounselling your data will be retained for 3 years from the time of either your last eCounselling session or any other contact with us, whichever is the latest. Where you have had no contact with Validium for 3 years, any Personal Data you shared with us preceding this time will no longer be held in an identifiable form. This means that the data is no longer your Personal Data as it will be anonymised in such a way that all the personal elements will be permanently and irrevocably deleted.

What is the legal basis for collecting Personal Information?

The purpose of vClub is to provide you with helpful support resources to assist you in any personal or work matters and for this reason Validium has assessed that the Personal Data are processed under the legal basis of ‘Legitimate Interests’ which means it is within Validium’s legitimate business interests and within your personal interests for Validium to process your Personal Data in order to provide you with this resource.

eCounselling – If you engage in eCounselling, you may share sensitive Personal Data with Validium. Under EU data protection law this Personal Data is called ‘Special Categories of Personal Data’. Validium will process special categories of personal data under the condition of provision of health care.

Service Users Newsletter - If you choose to subscribe to the monthly newsletter within vClub then your personal data will be processed under the legal basis of ‘consent’.

Who receives the Personal Data?

The Personal Data required to set up a vClub account is not passed to anyone and is simply stored securely on our database. If you engage in eCounselling, then you may want to share Personal Data including Special Categoriesof Personal Data with a Validium eCounsellor. This data is only accessible by Validium’s clinical staff and is not further shared.

Service Users Newsletter - If you have opted to subscribe to the monthly newsletter, your Personal Data will be stored by an organisation called ‘MyEmma’ who provide email marketing services. MyEmma is a third party data processor. MyEmma’s privacy statement can be found here.

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and restrict the processing of your personal data when certain overriding conditions don’t apply. You also have the right to receive a copy of the personal data you used to sign up for the newsletter, in a machine readable format. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Service Users Newsletter – If you sign up for the newsletter, you can withdraw this consent by clicking the unsubscribe link and you have the right to erase your personal data that Validium has been using to send you the newsletters.

Network Affiliate Recruitment

Who do we get your Personal Data from?

We collect your Personal Data directly from you.

What will we do with the Personal Data you provide to us?

All of the Personal Data you provide during the application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability to be included on the network.

For any individuals whose application has been successful and are invited to join Validium’s affiliate network, Personal Data will be used to engage in a commercial relationship with you and to monitor that all necessary requirements are being fulfilled for your continuation of inclusion on our network.

What Personal Data do we collect and how long do we keep it?

We do not collect more Personal Data than we need to fulfil the purposes of your application and will not retain it for longer than one year for applicants who are notified as being unsuccessful or stored for as long as a commercial relationship exists between you and Validium, for successful applicants. In your application, we ask you for your personal details including name and contact details. We will also ask you about your previous experience, qualifications and other questions relevant to meeting the criteria of being eligible for inclusion on the network. You don’t have to provide what we ask for but it might affect your application if you don’t.

Who receives the Personal Data?

The Personal Data is reviewed and assessed by Validium’s clinical team. For successful applicants Personal Data will continue to be accessible by the clinical team to be appropriately used to make referrals to you. Personal Data will also be used by the Validium accounts team to process payments.

What is the legal basis for collecting Personal Information?

Validium is processing personal data in order to ascertain your suitability to be a member of Validium’s network of affiliate counsellors and for those who are successful, to maintain a commercial relationship with you. Therefore processing is necessary in order to take steps prior to entering into a contract (applicants) or the processing is necessary for the performance of a contract (successful applicants). In both these cases the legal basis for processing your Personal Data is commonly known as the ‘contract’ basis.

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to data portability which means we can provide you with a machine readable file of your Personal Details on your request. In addition you also have the right to have your personal data erased and the right to restrict the processing when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

What if you don’t want to be on Validium’s affiliate network?

Where you have made your professional contact details available on a public professional register, Validium may contact you to see if you would like to apply to be on our affiliate network. If you state you do not wish to be on our network, we will hold a suppressed data set limited to your contact details in order that we do not attempt to contact you again in the future. These Personal Data will only be available to clinical staff and will be held for as long as is necessary to fulfil the purpose of not attempting any further contact with you. Your details will be stored under the ‘Legitimate Interests’ basis of EU data protection law.

You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing of your data under certain conditions. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Psychological Services

Who do we get your Personal Data from?

We collect your personal data from someone related to you in a work context such as a manager or occupational health advisor (commonly known as a ‘referring manager’). This person will have referred you into the service. Occasionally, we collect further personal data directly from you and may ask you for your consent to receive your medical records.

If you are the referring manager, we collect your personal data directly from you.

What Personal Data do we collect and how long do we keep it?

If you are the referring manager, we collect your name, contact details and job role description.

Validium retains the above personal data for 3 years.

What is the legal basis for collecting Personal Information?

Psychological Services is one of Validium’s core business services to provide you with a psychological assessment and further support, if authorised by your employer. As there would be an expectation by your employer, referring manager and you to benefit from engaging with the service, all personal data are processed under a legal basis called ‘Legitimate Interests’. This means it is within Validium’s legitimate business interests, within your employer’s and referring manager’s interests and within your personal interests for Validium to process your personal data in order to provide you with the service. In some cases to allow Validium to provide the support you need, you may share sensitive Personal Data with us, or it may have been provided to us by your referring manager. Under EU data protection law this Personal Data is called ‘Special Categories of Personal Data’ . Validium staff will process special categories of personal data to provide you with health care.

If you are the referring manager, legitimate interests applies for processing your personal data.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide Psychological Services we may also pass personal data consisting of your name, telephone number, work details, GP details and health data to a Validium vetted professional psychologist. We can give you more information about the psychologist when you are engaged with the service.

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Critical Incident Service

Who do we get your Personal Data from?

If you have notified Validium directly of a critical incident we collect personal data directly from you. If you are an onsite contact, we collect your personal data from the person who notified Valdium of the critical incident. If you have attended a Validium critical incident session and you would like further support we may collect personal data from you.

What Personal Data do we collect and how long do we keep it?

If you have notified Validium of a critical incident or you are the onsite contact on the day that Validium’s Critical Incident services are delivered, we will collect your name and contact details.

If you have indicated that you would like further support following an onsite Validium Critical Incident session, we may collect, with your consent, your name, contact details, work details and a brief description of the issue your require support for.

Personal Data will be held for no longer than is required for the purpose of delivering a Critical Incident Service. However, if you would like further support following the session and are referred into another Validium service your personal data will be held for the duration as indicated in the relevant section of this privacy policy.

What is the legal basis for collecting Personal Information?

The Critical Incident service is one of Validium’s core business services and as you will be expecting to be provided with the service should you either approach us or be involved in a critical incident, Validium has assessed that your Personal Data are processed under the legal basis of ‘Legitimate Interests’ This means it is within Validium’s legitimate business interests and within your personal interests for Validium to process your Personal Data in order to provide you with this service.

Who receives the Personal Data?

At Validium, your Personal Data is accessible by Validium staff who require access to it to provide you with the service. In order to provide you with Critical Incident services we may also pass your contact details to a Validium vetted critical incident consultant.

If you have attended a Validium critical incident session and you would like further support, we pass your personal data to your employer.

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing of your data when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Training

Who do we get your Personal Data from?

Validium collects your personal data from someone related to you in a work context such as a manager. This will be the person who has arranged the training.

What Personal Data do we collect and how long do we keep it?

We collect your name. This data will be held for the duration of the training. From time to time, training may take place via a third party online learning management platform in which case you will be informed of any further personal data required to facilitate this.

What is the legal basis for collecting Personal Information?

Training is one of Validium’s core business services and we need to hold the names of training attendees in order to provide the service. As there would be an expectation by your employer and you to know your name prior to the delivery of the training, your name is processed under a legal basis called ‘Legitimate Interests’. This means it is within Validium’s legitimate business interests, within your employer’s interests and within your personal interests for Validium to hold your name in order to provide you with the service.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide Training Services we may pass your name to a Validium vetted professional trainer. We may use a third party online learning management platform to deliver part, or all, of your training in which case we will inform you at that time which organisation is providing this platform.

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Coaching

Who do we get your Personal Data from?

We collect your personal data from someone related to you in a work context such as a manager (commonly known as a ‘referring manager’). This person will have referred you into the service. Occasionally, we collect further personal data directly from you. If you are the referring manager, we collect your personal data directly from you.

What Personal Data do we collect and how long do we keep it?

The personal data passed to us by your referring manager consists of your name and contact details. If you are the referring manager, we collect your name and contact details.

Validium retains the above personal data for 3 years.

What is the legal basis for collecting Personal Information?

Coaching is one of Validium’s business services which provides you with support, if authorised by your employer. As there would be an expectation by your employer, referring manager and you to benefit from engaging with the service, all personal data are processed under a legal basis called ‘Legitimate Interests’. This means it is within Validium’s legitimate business interests, within your employer’s and referring manager’s interests and within your personal interests for Validium to process your personal data in order to provide you with the service.

If you are the referring manager, legitimate interests applies for processing your personal data.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. In order to provide coaching services we may also pass personal data consisting of your name and contact details to a Validium vetted coach.

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Visitors to the website

Who do we get your Personal Data from?

We collect your Personal Data directly from you.

What Personal Data do we collect and how long do we keep it?

We collect your name and email address if you choose to receive the monthly newsletter. If you wish to get in contact with us via the contact form we will also collect your employer’s name and your telephone number. Personal data used to receive the free resources or monthly newsletter will be held for 2 months by Validium. For more information about what happens to your personal data during and after this 2 month period, please see the section ‘Who receives the personal data?’

You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the email sent to you.

For personal data collected through the contact form, this data will be retained for the period of time of your enquiry and should a commercial relationship between Validium and your organisation subsequently arise, no longer than is necessary for the purposes of this commercial relationship.

What is the legal basis for collecting Personal Information?

If you wish to receive the monthly newsletter, your personal data is collected under the legal basis of consent. If you would like to voluntarily leave your contact details using the contact form, your personal data is processed under a legal basis called ‘Legitimate Interests’. This means it is within Validium’s legitimate business interests and within your personal interests for Validium to process your Personal Data in order to make contact with you.

Who receives the Personal Data?

At Validium, your Personal Data is only accessible by Validium staff who require access to it to provide you with the service. If you have opted to subscribe to the monthly newsletter, your Personal Data will be stored by an organisation called ‘MyEmma’ who provide email marketing services. MyEmma is a third party data processor. MyEmma’s privacy statement can be found here

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to data portability which means we can provide you with a machine readable file of your Personal Details on your request. You have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

HR Recruitment

Who do we get your Personal Data from?

Primarily, we collect your Personal Data directly from you with the exception that, from time to time, we may receive your personal data from a third party, such as in the form of a reference. If this is the case, we will let you know the categories of personal data that are passed to us and the source of this personal data.

What will we do with the Personal Data you provide to us?

All of the Personal Data you provide during the application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

For any individuals whose application has been successful, personal data will be used to meet legal and contractual requirements of your employment.

What Personal Data do we collect and how long do we keep it?

You may send us a CV and we may send you an application form. We collect and process your personal details including name and contact details. We will also process your previous experience, qualifications and answers to other questions through a screening process to determine your candidacy for the job role. You don’t have to provide information that we ask for but it might affect your application if you don’t.

Further personal data is collected from successful candidates who become employees of Validium such as bank details and next of kin details. A copy of your passport, to help determine your right to work, is also required. We may also ask for a copy of your driving licence if you have one.

We do not collect more Personal Data than we need to fulfil the purposes of your application and will not retain it for longer than:

3 months for applicants who are not invited for interview

1 year for unsuccessful interviewees

And for successful applicants:

Employment duration plus a further 6 years

3 years for records relating to accidents at work

40 years for the legally required summary of record of service.

60 years for health surveillance and medical records

Who receives the Personal Data?

The Personal Data is reviewed and assessed by HR staff and is shared with the manager who is responsible for the job role being offered. For successful candidates who become Validium employees, personal data is shared with third parties to meet payroll and other legal requirements, and staff benefits providers. The Validium Recruitment team will share some of the candidate’s contact details with our Occupational Health Nurse who will review the medical questionnaires submitted directly to her.DBS (Disclosure & Barring Service) and CCJ (County Court Judgment) checks are also carried out by a third party.

What is the legal basis for collecting Personal Information?

Validium is processing personal data in order to ascertain your suitability for employment. Therefore, processing is necessary in order to take steps prior to entering into a contract (applicants) or the processing is necessary for the performance of a contract (successful applicants). In both these cases the legal basis for processing your Personal Data is commonly known as the ‘contract’ basis. In addition, for successful applicants who become Validium employees, some of your personal data will be processed because Validium has a legal obligation to process your personal data. Where Validium processes ‘special categories of data’, this is done in order to carry out obligations and exercise specific rights in the field of employment.

What are your rights connected to your Personal Data?

You have a number of rights under EU data protection law. You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and for the personal data we are processing under the contract basis, you have the right to data portability which means we can provide you with a machine-readable file of your Personal Details on your request. In addition, you also have the right to request that your personal data is erased and the right to restrict the processing when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Other data processing activities undertaken under the legal basis of ‘Legitimate Interests’

Where we consider use of your information as being (a) non-detrimental to you, (b) within your reasonable expectations, and (c) necessary for our own, or a third party’s legitimate purpose, we may use your personal data, which may include:

direct marketing or continued communication

business development

for purposes of continued communication with our customers and clients

prevention of criminal activity and reporting possible criminal acts or threats to a competent authority

The data will be held for as long as necessary for the purpose for which it was collected. Personal data will only be passed to third parties where there is a legitimate interest to do so which means it has been assessed that this would not infringe on your rights and freedoms.

You have the right to access at any time the Personal Data that Validium is processing. You have the right to rectify any Personal Data that Validium may be storing that is factually incorrect and you have the right to object to the processing of any of your Personal Data being processed under the legal basis of legitimate interests. In addition you also have the right to have your personal data erased and the right to restrict the processing when certain overriding conditions don’t apply. If you need to raise a concern about how Validium is processing your Personal Data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

How secure is my information?

We design our systems with your security, privacy and confidentiality in mind.

We maintain physical, electronic and procedural safeguards in connection with the collection, storage, processing and disclosure of personal data. Our information security systems are regularly audited by an external organisation certified to carry out such audits to test the robustness of our security systems. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.

Where Validium uses specialist suppliers to store personal data, the measures they have taken to keep data secure are continually assessed in line with an internationally recognised information security standard known as ISO27001.

When using Validium’s online services, it is important for you to protect against unauthorised access to your usernames and passwords and to your computers, devices, and applications. Be sure to log out when you finish using a shared computer.